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In the Claims 

For the convenience of the Examiner, all pending claims are set forth below, whether 
or not an amendment is made. Please amend the claims as follows: 

1 . (Currently Amended) Computer apparatus configured to discover roles from 
structure existing amongst users to whom resources have been assigned, the apparatus 
comprising: 

a processor, 

a discovery unit, operable via said processor, configured for searching for pattems 
within links between users and resources partitioned into a set of nodes of users and a set of 
nodes of resources, wherein: 

each user of said set of nodes of users comprises a node with an assignment of 
resources from the set of nodes of resources, and 

the links comprise said assignments between respective users and resources, 
a grouping unit, associated with said discovery unit, configured to use said discovered 
pattems to form at least one group from said user nodes or said resource nodes using said 
discovered pattems, such Siat that: 

users or resources having all ef or a subset of at least two links to common 
resources or users are automatically determined to be p laced into a same group, and 

the users or resources of the at least one group did not exist as a group prior to 
the discovery unit searching for pattems within the links, and 

an output unit configured for outputting said at least one group of users or resovirces 
as a role. 

2. (Currently Amended) The apparatus of claim 1, wherein said links comprise 
r e lationships are access permissions. 

3. (Currently Amended) The apparatus of claim 1, wherein said links comprise 
relationships ar e usage levels of respective resources by respective users. 

4. (Currently Amended) The apparatus of claim 2, wherein said links 
r e lationships further comprise user access permission levels for respective resources. 
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5. (Currently Amended) The apparatus of claim 2, wherein said at loast one 
group role is definitive of a user role on said network. 

6. (Currently Amended) The apparatus of claim 1, wherein said user nodes 
comprise entities having attributes, and said relationships r e present links comprise a 
respective user possessing a respective attribute. 

7. (Previously Presented) The apparatus of claim 2, wherein said discovery unit 
is associated with a search engine operable to use a search tree to begin with a single resource 
and its associated users, and iteratively to add resources and remove users not having a 
predefined relationship with said iteratively added resources, to meet a resource number, or a 
user number constraint. 

8. (Original) The apparatus of claim 7, wherein said search engine is operable to 
use a homogeneity measxure to determine whether to consider a candidate grouping in said 
search. 

9. (Original) The apparatus of claim 7, wherein said search engine is operable to 
use a homogeneity measure to determine in which order to consider a candidate grouping in 
said search. 

10. (Original) The apparatus of claim 7, wherein said search engine is operable 
within said iterative stages to add further resources common to a current set of users. 

11. (Original) The apparatus of claim 10, wherein said search engine is operable 
to compute a set of all users related to a current set of resources. 

12. (Original) The apparatus of claim 11, wherein said search engine is operable 
to consider for expansion all resources outside said current set of resources that have at least 
one relationship connection with a current set of users. 
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13. (Original) The apparatus of claim 8, wherein the set of users associated with 
each of said nodes is associated with attributes, and wherein said homogeneity measure is the 
percentage of occurrence of a given attribute, multiplied by the log value thereof, summed 
over all such users in said result. 

14. (Original) The apparatus of claim 8, wherein the set of resources associated 
with each of said nodes is associated with attributes, and wherein said homogeneity measure 
is the percentage of occurrence of a given attribute, multiplied by the log value thereof, 
summed over all such resources in said result. 

15. (Original) The apparatus of claim 8, wherein said homogeneity measure is the 
percentage of occurrence of a given resource relationship for any of the users associated with 
at least one of the resources of said node, multiplied by the log value thereof, sununed over 
all users of said node in said result. 

16. (Original) The apparatus of claim 8, wherein said homogeneity measure is the 
percentage of occurrence of a given user relationship for any of the resources associated with 
at least one of the users of said node, multiplied by the log value thereof, summed over all 
resources of said node in said result. 

17. (Previously Presented) The apparatus of claim 1, wherein said discovery unit 
is operable to use said pattern recognition within an iterative tree searching process. 

18. (Previously Presented) The apparatus of claim 1, wherein said discovery unit 
is operable to insert said groupings as an intermediate set amongst said nodes. 

19. (Previously Presented) The apparatus of claim 1, wherein said users and said 
resources are arranged into three sets, an intermediate one of said sets comprising 
predetermined relationship dependent groupings of at least some of the users in a first of said 
sets, said discovery unit being operable to use said pattem recognition to add new groups to 
said intermediate set. 
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20. (Previously Presented) The apparatus of claim 1, further comprising a 
graphical expositor operable to graphically represent said user nodes and said resource nodes 
within said sets. 

21. (Previously Presented) The apparatus of claim 20, wherein the graphical 
expositor is user interactive to manually modify the groupings discovered by the discovery 
unit. 

22. (Previously Presented) The apparatus of claim 20, wherein said graphical 
expositor is further operable to partition the graph into sub-graphs, each of the sub-graphs 
itself being a partitioned graph having at least two sets, the sub-graphs being limited to a 
subset of the users in one of the sets, and further comprising all the resources in the other set 
that are linked to users of said subset, and wherein said discovery unit is further operable to 
perform groupings on each of the subgraphs, and then to merge the results into a full graph. 

23. (Previously Presented) The apparatus of claim 20, wherein said graphical 
expositor is further operable to partition the graph into sub-graphs, each of the sub-graphs 
itself being a bi-partite graph limited to a subset of the resources in the second set, and further 
comprising all the users in the first set that are linked thereto, and wherein said discovery unit 
is further operable to perform groupings on each of the subgraphs, and then to merge the 
results into a full graph. 

24. (Original) The apparatus of claim 20, wherein said graphical expositor, is user 
interactive to allow an operator to review user group associations and user resource relations, 
and to allow said operator to manipulate user access rights. 
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25. (Currently Amended) Role discovery method for electronically grouping 
nodes according to existing relationships with resources, the method comprising: 

discovering existing relationship patterns between an arrangement of nodes and 
resources across a partition between said nodes and resources, wherein the patterns are 
discovered from predetermined relationships between ones of said resources and 
corresponding nodes, 

using said discovered pattems, automaticallv determining groupings of grouping said 
arrangement of nodes, wherein nodes within said grouped nod e s groupings share 
relationships with at least two common resources, 

wherein the nodes of each of the groupings did not exist a s a group prior to 
discovering the existing relationship pattems. and 

outputting said grouping of nodes having common pattems of at least two existing 
relationships as a role. 
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26. (Currently Amended) A device for discovering existing structiire in a 
partitioned arrangement of nodes and resovirces wherein nodes have relationships with 
various of said resources, the device comprising: 

a processor, 

a discovery unit configured to work with said processor, for discovering relationship 
patterns within existing relationships between a partitioned arrangement of said nodes and 
said resources, wherein: 

the arrangement comprises at least two sets, and 

the existing relationships comprise predetermined relationships defined 
between said nodes and said resources across said sets, and 

the discovery unit uses pattern recognition on said nodes, said resources and 
said predetermined relationships, 

a node-grouping unit associated with said pattem recognition unit and configured to 
operate with said processor to use said discovered relationship pattems to form automatically 
determine groups from said nodes, such that that: 

those nodes that share similar subsets of at least two relationships with said 
resources are placed in a group together, and 

the nodes of each group of said groups did not exist as a g roup prior to 
discovering the relationship pattems, and 

an output configured to oulput respective groups of nodes having said similar subsets 
of at least two relationships as roles. 
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27. (Cxirrently Amended) A computer device comprising: 
a processor, 

a first series of user definitions, each user in said definitions defined as a user node; 
a second series of resource definitions, each resource in said definitions defined as a 
resource node; 

access data indicating access of users to respective resources; 

a pattem recognition unit operable with said processor for recognizing pre-existing 
pattems in said access data, said pattems indicative of a way of grouping said user nodes of 
said each user so as to discover groups of user nodes having common subsets of access data 
related to at least two resources, 

wherein the user nodes of the discovered groups did not exist as a g roup prior to 
recognizing the pre-existing pattems in the access data, and 

a group definition unit operable with said processor and said pattem recognition unit 
configured to output groups so discovered as roles. 



28. (Cancelled) 
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29. (Currently Amended) Pattern recognition apparatus for grouping nodes 
according to relationships with other nodes, the apparatus comprising: 

a pattern recognition processor for using pattem recognition on links between nodes 
partitioned into a first set and a second set to find relationship patterns within said links, and 
from said pattems to form automatically determine at least one group from nodes of said first 
set, wherein said nodes being formed into said group share relationships with at least two 
nodes in said second set, 

wherein the nodes of the at least one group did not exist as a group prior to using 
pattem recognition on the links, and 

wherein the links define relationships across said partition between nodes in the first 
set and the second set. 
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30. (Currently Amended) A group discovery method, comprising: 

electronically searching for links between nodes partitioned into a first data set and a 

second data set, wherein: said links exist between nodes in the first data set and nodes in the 

second data set, emd 

automatically determining a grouping of nodes in said first set according to respective 
links found by the electronic searching such that all nodes in said first set having links to at 
least two commonly held nodes in said second set are assigned to a same group, thereby 
discovering groups in said data, data, and 

wherein the nodes of the grouping did not exist as a group prior to electronically 
searching for the links. 
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3 1 . (Cvirrently Amended) A method of grouping users having links or attributes 
into one or more groups based on said links or attributes, the method comprising: 

searching for the links or attributes of the users, wherein the links or attributes of each 
user characterize an association between the user and a resource; 

providing automaticallv determining a group for users sharing all ef or a subset of at 
least two of said links or attributes discovered by the searching step, 

wherein the users of the group did not exist as a group prior to se arching for the links, 

and 

outputting said automaticallv determined provided groups, group. 

32. (Previously Presented) The apparatus of claim 1, wherein said discovery unit 
is configured to carry out said searching by one member of the group consisting of a 
clustering algorithm, an incremental search and a search tree. 

33. (Previously Presented) The apparatus of claim 1, wherein said outputting said 
group comprises outputting a characteristic of said group. 
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34. (Currently Amended) A search method comprising: 

electronically searching data comprising nodes partitioned into first and second data 
sets, wherein links exist within said data between nodes in said first data set and nodes in said 
second data set, such links being discovered as a result of the electronic searching, and 

automatically determining grouping groupings of nodes in said first set according to 
respective links discovered as a result of the electronic searching such that all nodes in said 
first set having links to at least two commonly held nodes in said second set are assigned to a 
same gfeapr group, and 

wherein the nodes of each group in the groupings of nodes did not exist as a group 
prior to electronicallv searching the data. 
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35. (Currently Amended) A search apparatus for searching existing electronically 
held data, said electronically held data comprising nodes partitioned into first and second data 
sets, wherein links exist within said data between nodes in said first data set and nodes in said 
second data set the apparatus comprising: 

a search unit, configured for electronically searching for links within data comprising 
nodes partitioned into first and second data sets, wherein said links exist within said data 
between nodes in said first data set and nodes in said second data set, bb^ 

a structuring unit, associated with said search unit, configured for automatically 
determining grouping groupings of nodes in said first set according to respective links 
discovered by the search xmit such that all nodes in said first set having links to at least two 
commonly held nodes in said second set are assigned to a same group, thereby discovering 
groups in said data. data. 

wherein the nodes of each group in the groupings of nodes did not exist as a group 
prior to electronically searching for the links within the data. 



